user

Reputation: 51

How to extract public key from a JWKS using openssl library over shell

I fetched JWKS from an endpoint and it looks something like this:

{
  "keys": [
    {
      "kty": "RSA",
      "use": "sig",
      "x5t": "M2maFm3VYlMBOn3GetVWGXkrKrk",
      "kid": "SIGNING_KEY",
      "x5c": "MIIC………(base64 encoded cert)………..tow==",
      "alg": "RS256"
    }
  ]
}

I am trying to convert this x5c value into a public key (.pub) file using shell and openssl.

I have tried copy-pasting the x5c value from the above JSON and adding it to a .pem file by doing:

vi certificate.pem
fold -w 64 certificate.pem

and then adding the following in the certificate.pem file too

-----BEGIN CERTIFICATE-----
<value>
-----END CERTIFICATE-----

After this I tried running the following to get the public key:

openssl x509 -pubkey -inform pem -in certificate.pem -noout > key.pub

but got an encoding error similar to this:

unable to load certificate
140735207381436:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319:
140735207381436:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=X509_CINF
140735207381436:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:751:Field=cert_info, Type=X509
140735207381436:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83:

What have I messed up? Thanks

Upvotes: 5

Views: 1802

Answers (1)

Evgeny Sabirov

Reputation: 11

When doing:

vi certificate.pem
fold -w 64 certificate.pem

You forgot to update your file with the folded content, e.g.:

fold -w 64 cert.pem > folded.pem && cat folded.pem > cert.pem && rm folded.pem

Upvotes: 1
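
The steps discussed above (take the x5c value, fold it to 64 columns, add the PEM header and footer, run `openssl x509 -pubkey`) as one pipeline with no manual editing. This is an added example, not part of the original question or answer; the function names and `jwks.json` are assumptions, and it uses the first x5c entry only.

```shell
#!/bin/sh
# Added example: JWKS (stdin) -> PEM public key (stdout), with no manual editing.

# Print the first x5c entry of a JWKS read from stdin. Accepts the RFC 7517
# array form ("x5c": ["MII..."]) and the bare-string form in the question.
# A real JSON parser such as jq is more robust than this pattern match.
jwks_first_x5c() {
    tr -d ' \t\r\n' |
        grep -o '"x5c":\[\{0,1\}"[^"]*"' |
        head -n 1 |
        sed 's/^"x5c":\[\{0,1\}"//; s/"$//'
}

# Wrap a base64 DER certificate (stdin) in PEM armour, folded at 64 columns.
x5c_to_pem() {
    _x5c=$(tr -d ' \t\r\n')
    # x5c is standard base64, not base64url; placeholders, stray quotes or
    # an empty value are rejected here instead of reaching the ASN.1 parser.
    case $_x5c in
        '' | *[!A-Za-z0-9+/=]*)
            echo 'x5c: empty or not standard base64' >&2
            return 1 ;;
    esac
    printf '%s\n' '-----BEGIN CERTIFICATE-----'
    printf '%s\n' "$_x5c" | fold -w 64
    printf '%s\n' '-----END CERTIFICATE-----'
}

# Full pipeline; openssl reads the PEM certificate from stdin.
jwks_pubkey() {
    jwks_first_x5c | x5c_to_pem | openssl x509 -pubkey -noout
}

# Usage (jwks.json is an assumed file name):
#   jwks_pubkey < jwks.json > key.pub
```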
